[Infowarrior] - You Keep Using That Word. I Do Not Think It Means What You Think It Means.

Richard Forno rforno at infowarrior.org
Sat Jun 21 11:32:26 CDT 2014


You Keep Using That Word. I Do Not Think It Means What You Think It Means.

June 20, 2014

By Kara Drapala

http://blog.opendns.com/2014/06/20/keep-using-word-think-means-think-means/

Buzzwords are the worst, and unfortunately the security industry is rife with jargon—terms that either don’t mean anything in the first place or try ineffectively to dress up un-sexy verbiage for marketing purposes. You’ll definitely see some familiar argot below; many practitioners and all vendors are guilty of using these phrases—including us!

In this post, we round up the worst words around and examine how they’re being used in the security space. Now, you can stop shouting “the cloud! the cloud!” at your screen – we’ll get to it. But first, the rest of the list:

Defense-in-Depth (a.k.a. expense-in-depth):

Buyer, beware! This concept refers to the multiple layers of security protecting your data. Unfortunately, this term has also become the battlecry of “me too” vendors – salesmen trying to con buyers into wasting money on solutions they don’t really need. Smart security spending, strategically aligned to what your greatest risks are, will trump a mess of the latest and greatest any day.

APT (Advanced Persistent Threat):

More like advanced persistent term, amirite? First, an incredibly brief definition: APTs are a specific type of targeted attack. They are conceived and executed by professionals using highly evolved methods, and their goal is to live in your network for long periods of time, siphoning data from your organization for malicious purposes. Real APTs are serious threats and should be recognized as such.

That being said, APT is a handy acronym that looks great when written threateningly at the top of a Web page or one-pager. This once-serious term has been ground through the marketing mill so thoroughly that it has very little meaning anymore – vendors claim that their solutions can protect against APTs, but guess what? THEY DON’T—they’re just slapping the APT label on any attack that threatens your network, advanced, persistent, targeted, or not.

Big Data:

First things first—if you are storing or analyzing “big data” in an SQL database or SIEM, it is not big data. In a world where everyone claims to have vast amounts of information at their fingertips, the term is subjective and size is relative. More importantly, when discussing the concept of Big Data, most people get hung up on volume, and often neglect the fact that extracting relevant and compelling intelligence (in a timely fashion) from that data is the real prize. For more information on Big Data, check out this blog from OpenDNS Product Manager Trey Kelly.

Unknown Threat:

“Reports that say there’s—that something hasn’t happened are always interesting to me, because as we know, there are known knowns; there are things that we know that we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns, the ones we don’t know we don’t know.” – Donald Rumsfeld

ROI:

A phrase seemingly invented to placate management types. What could be better than explaining how much money and/or time you’re about to save the company? Not much. However, this term becomes relatively meaningless to actual security practitioners before the ink dries on the contract.

User-friendly:

A great characteristic to list on your product page, but irrelevant for practiced professionals. “User-friendly” smacks of the technically incompetent.

Next-Generation:

Vendors are constantly trying to out-do their competition––so it makes sense that companies don’t just want to be the best TODAY, they want to be the best tomorrow, too. But who decides when one generation ends, and another begins? Does a survey go out? Is there a countdown clock? And in 2015, are we going to start seeing marketing promos for the Next-Next-Generation Firewalls? At the end of the day, this phrase is so overused it has absolutely no meaning.

The Cloud:

Typing “What is the cloud?” into Google yields about 265,000,000 results, yet somehow, no one seems to know what the cloud is. It’s a term as nebulous and ephemeral as its namesake, and thus has been exploited to death by marketers looking to capitalize on the confusion of buyers.

Here’s the thing: done right, the cloud is awesome. It can give individuals and organizations alike access to new tools that promote efficiency, collaboration, productivity, and security at scale. Unfortunately, these tangible benefits of cloud computing have remained a mystery to most people, causing them to place the cloud on a puffy pedestal and creating headaches for their earth-bound IT admins (sometimes with hilarious results).


---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.



More information about the Infowarrior mailing list